OSCP and Me
by OJ Reeves - @TheColonial
Agenda
- What is OSCP?
- Who am I?
- Why did I want OSCP?
- What was it like?
- Is it valuable?
Structure
Very informal
Ask questions as you think of them
Banter/harassment welcome
What is OSCP
Offensive Security Certified Professional
http://offensive-security.com/
A certification attained by working
through the "Penetration Testing
with Kali" labs and passing a
24-hour hacking exam.
What is OSCP?
A course and exam with a reputation!
Respected among infosec people
(unlike most certs, esp in dev)
A fantastic way to learn about
penetration testing...
... if you're a masochist.
What is OSCP?
A self-paced course
Low on material, high on content
No knowledge assumed,
lots expected!
It's all about the lab
The OSCP lab
Virtual lab
4 networks
Shared among students
"famous" machines
Amazingly fun and horrible
The OSCP Lab
Mixture of operating systems
Custom applications
Known apps with known vulns
HUGE variety of attack vectors
Pwn as many boxes as you can
Who am I?
I'm nobody
Just another dev
Keen on security
Looking for a challenge
Enterprise dev was killing me
Who am I?
A generalist developer
Mixed background
Plenty of RCE in the past
Why not kickstart my infosec career
with a valuable cert?
Why did I want OSCP?
Skeptical of certs (thanks MCSD!)
Lots of research ... OSCP appeared
Well-respected people said "Do it!"
Testimonials made it sound brutal
Hard to get == valuable
Why did I want OSCP?
Validate that I had what it takes
to get into infosec at a late stage
in my career
Learn a great deal about offensive
security and how it can affect the way
I build software
Seemed legit.
The response?
Many devs thought I was mad
They expected this
The response?
Infosec folk wished me luck
Supported my effort
Were really encouraging
I signed up and threw myself into it
What was it like?
Well ...
... it was brutal!
Because:
- Material was introductory
- Much of it was "new"
- I'd never so much as done a boot2root before
- In most cases I had no idea where to even start!
What was it like?
I also lacked "polish" in
- Some basics such as...
  - Port forwards
  - Tunnels
  - Moving around networks
- General use of "the tools"
- Familiarity with the "scene"
  - MS08-067? WOSSAT?
What was it like?
Dropped in the deep end
with heavy shoes
Material taught: how to crawl
Labs expected: how to climb Everest
Short Timeline
30 days lab time
3 hours of reading, got bored
INTO THE LAB!
Rest of the day, pwned one box
Really. Simple. SQLi.
DB running as SYSTEM.
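The "really simple SQLi" box is the one concrete technique in the deck, and it is exactly the kind of innocuous-looking code the later "value to devs" slides are about. What follows is an added example, not code from the talk or from the OSCP lab: a constructed, in-memory SQLite login routine that concatenates user input into the query, beside the parameterised version, with two classic payloads (an authentication bypass and a UNION-based loot of schema and credentials) run against both. The table contents, function names and payloads are assumptions for illustration only. The lab machine ran a different database engine, and when that engine runs as SYSTEM (as the slide says) the same mistake hands an attacker far more than a table dump, but the mechanism shown here is the one that opens the door.

```python
import sqlite3

# Constructed sample data standing in for a lab application's user table.
# Nothing here comes from a real lab machine.
SAMPLE_USERS = [
    ("admin", "s3cr3t-admin", "admin"),
    ("alice", "alicepw", "user"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        "id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The innocuous-looking version: untrusted input is glued into SQL text.

    Whatever the caller types becomes part of the statement, so quotes,
    comments and UNIONs in the input are interpreted as SQL.
    """
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """The fixed version: input travels as bound parameters, never as SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo() -> dict:
    """Run the same two payloads against both login routines and return results."""
    conn = build_db()
    results = {}

    # 1. Authentication bypass: the trailing "--" comments out the password check,
    #    so the vulnerable query becomes WHERE username = 'admin'.
    bypass = "admin'--"
    results["bypass_vuln"] = login_vulnerable(conn, bypass, "wrong-password")
    results["bypass_safe"] = login_safe(conn, bypass, "wrong-password")

    # 2. Looting: UNION a second SELECT onto the query. The column count (2)
    #    must match the original SELECT. First the schema, then the credentials.
    loot_schema = "x' UNION SELECT name, sql FROM sqlite_master--"
    results["schema_vuln"] = login_vulnerable(conn, loot_schema, "")
    results["schema_safe"] = login_safe(conn, loot_schema, "")

    loot_creds = "x' UNION SELECT username, password FROM users--"
    results["creds_vuln"] = login_vulnerable(conn, loot_creds, "")
    results["creds_safe"] = login_safe(conn, loot_creds, "")
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:12s} -> {rows}")
```

Against the concatenated query the bypass payload logs in as admin with the wrong password and the UNION payloads return the table definition and every stored credential; against the parameterised query all three return nothing, because the payload is compared as a literal username. The fix is a one-line change, which is the point the deck makes about how cheap the holes are to avoid once you have seen them exploited.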
How I saw myself
How the pros saw me
Short Timeline
Second day: Nothing.
Third day: Nothing.
Fourth day: ....
... nothing.
Not even basic entry, let alone priv esc.
Short Timeline
Fifth day
Changed my approach
Started to think like a "bad guy"
Saw things in a different light
... 7 machines popped.
Short Timeline
The rest of the month got easier
and harder
Then there was Pain ...
... and Sufference [sic] ...
.. and others.
By the End...
Pwnd most of all networks
Only a few machines left
Pondered extra lab time
F**k it. Bring on the exam!
Exam
5 machines in 24 hours,
70pts / 100 required
1st in 45 mins
2nd just about an hour later
3rd fell 3 hours after that
getting harder ...
Exam
4th machine was the hardest
I left it for a while and came back
5th didn't take long to fall
Last machine came down after
a total of 14 hours
Even in the exam I learned new things
Did I pass?
What did it teach?
Everything is full of holes
Looting boxes is key
"Try Harder"
advice sucks
but really works
Value to devs?
Huge value
Eye opening to see how apparently
innocuous issues can lead to holes
Changes the way you write code
Now more aware of potential flaws
with every single line I write
Value to Devs
Make them aware of security early
Bake it into the dev process
Become more critical of their own stuff
Hopefully reduce security issues
long term
Conclusion
It's awesome
It's fun
It's edumacational
REALLY good value for money
Do it.
Questions?
Then came OSCE